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WHAT IS CLAIMED IS: 

1 . A method for blocking an attack on a private network implemented by 
a routing device interconnecting the private network to a public network, comprising: 

5 receiving a request for connection from an initiator, over the public network; 

requesting an acknowledgment from the initiator of the request; 
determining whether the acknowledgment has been received within a 
predetermined amount of time; and 

denying the request if the acknowledgment is not received within the 
10 predetermined amount of time. 

2. The method of Claim 1, wherein the public network is the Internet. 

3. The method of Claim 2, wherein the routing device is a firewall 
1 5 providing access to the Internet. 

4. The method of Claim 1, further comprising processing the request if 
the acknowledgement is received. 

20 5. The method of Claim 1, further comprising adding an IP address of the 

initiator to a cache of IP addresses if the acknowledgement is not received. 

6. The method of Claim 5, further comprising denying access through the 
routing device to any IP address on the cache of IP addresses. 

25 

7. The method of Claim 1, further comprising storing information about 
the initiator on a system log for analysis by the system administrator. 

8. The method of Claim 1, further comprising storing information about 
30 the request for connection on a system log for analysis by the system administrator. 
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9. The method of Claim 1, further comprising determining if a prior 
request for an acknowledgement has been sent to an IP address associated with the 
initiator and been unacknowledged within a predetermined amount of time, if the 
acknowledgement is not received. 

5 

10. The method of Claim 1, further comprising using diagnostic tools to 
determine additional information about a source of the request for connection. 

11. The method of Claim 10, wherein using diagnostic tools to determine 
10 additional information about a source of the request for connection comprises using 

trace root diagnostic tools to determine information about the source of the request for 
connection. 

12. The method of Claim 10, wherein using diagnostic tools to determine 
15 additional information about a source of the request for connection comprises using 

ping diagnostic tools to determine information about the source of the request for 
connection. 

13. The method of Claim 10, wherein using diagnostic tools to determine 
20 additional information about a source of the request for connection comprises using 

NS lookup diagnostic tools to determine information about the source of the request 
for connection. 

14. The method of Claim 10, further comprising forwarding the additional 
25 information to a system administrator via electronic mail. 
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15. A method for blocking an attack on a private network implemented by 
a routing device interconnecting the private network to a public network, comprising: 

receiving an incoming data packet from the public network; 
comparing a source address of the data packet against known internal 
5 addresses of the private network; 

determining if the source address matches a known internal address; and 
if there is a match: 

dropping the data packet; 
analyzing a header of the data packet; 
10 determining information regarding a history of the packet; 

determining a real source of the data packet using the information 
regarding the history of the packet; and 

refusing to process any additional data packets received from the real 
source of the data packet. 

15 

16. The method of Claim 15, further comprising storing data about the data 
packet on a system log, for use and analysis by a system administrator. 

17. The method of Claim 15, wherein the public network is the Internet. 

20 

18. The method of Claim 17, wherein the routing device is a firewall 
providing access to the Internet. 

19. The method of Claim 15, further comprising forwarding the data 
25 packet to the private network if there is not a match. 

20. The method of Claim 15, further comprising adding an IP address of 
the data packet to a cache of IP addresses if there is a match. 

30 21. The method of Claim 20, further comprising denying access through 

the routing device to any IP address on the cache of IP addresses. 
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22. The method of Claim 15, further comprising using diagnostic tools to 
determine additional information about a source of the data packet. 

23. The method of Claim 22, wherein using diagnostic tools to determine 
additional information about a source of the data packet comprises using trace root 
diagnostic tools to determine additional information about the source of the data 
packet. 

24. The method of Claim 22, wherein using diagnostic tools to determine 
additional information about a source of the data packet comprises using ping 
diagnostic tools to determine additional information about the source of the data 
packet. 

25. The method of Claim 22, wherein using diagnostic tools to determine 
additional information about a source of the data packet comprises using NS lookup 
diagnostic tools to determine additional information about the source of the data 
packet. 

26. The method of Claim 22, further comprising forwarding the additional 
information to a system administrator via electronic mail. 
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27. A method for blocking an attack on a private network implemented by 
a routing device interconnecting the private network to a public network, comprising: 

receiving a request for connection from an initiator, over the public network; 

requesting an acknowledgment from the initiator of the request; 
5 determining whether the acknowledgment has been received within a 

predetermined amount of time; 

denying the request if the acknowledgment is not received within the 
predetermined amount of time; 

comparing a source address of the request for connection with known internal 
1 0 addresses of the private network; 

determining if the source address matches a known internal address; and 

refusing to process the request for connection if there is a match. 
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28. A system for blocking an attack on a private network, comprising: 
a routing device being operable to interconnect a private network to a public 
network, the routing device being further operable to: 

receive a request for connection from an initiator, over the public 

5 network; 

request an acknowledgment from the initiator of the request; 
determine whether the acknowledgment has been received within a 
predetermined amount of time; and 

deny the request if the acknowledgment is not received within the 
1 0 predetermined amount of time. 
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29. A system for blocking an attack on a private network, comprising: 
a routing device being operable to interconnect the private network and a 
public network, the routing device being further operable to: 

receive an incoming data packet from the public network; 
compare a source address of the data packet against known internal 
addresses of the private network; 

determine if the source address matches a known internal address; and 
if there is a match: 

drop the data packet; 
analyze a header of the data packet; 
determine information regarding a history of the packet; 
determine a real source of the data packet using the information 
regarding the history of the packet; and 

refuse to process any additional data packets received from the 
real source of the data packet. 
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30. A system for blocking an attack on a private network, comprising: 
means for interconnecting a private network to a public network; 
means for receiving a request for connection from an initiator, over the public 
network; 

means for requesting an acknowledgment from the initiator of the request; 

means for determining whether the acknowledgment has been received within 
a predetermined amount of time; and 

means for denying the request if the acknowledgment is not received within 
the predetermined amount of time. 
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31. A system for blocking an attack on a private network, comprising: 
means for interconnecting the private network and a public network; 
means for receiving an incoming data packet from the public network; 
means for comparing a source address of the data packet against known 
internal addresses of the private network; 

means for determining if the source address matches a known internal address; 

and 

if there is a match, means for: 

dropping the data packet; 

analyzing a header of the data packet; 

determining information regarding a history of the packet; 

determining a real source of the data packet using the 
information regarding the history of the packet; and 

refusing to process any additional data packets received from 
the real source of the data packet. 
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32. Software embodied in a computer-readable medium, the computer- 
readable medium comprising code operable to: 

interconnect a private network to a public network; 

receive a request for connection from an initiator, over the public network; 

request an acknowledgment from the initiator of the request; 

determine whether the acknowledgment has been received within a 
predetermined amount of time; and 

deny the request if the acknowledgment is not received within the 
predetermined amount of time. 
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33. Software embodied in a computer-readable medium, the computer- 
readable medium comprising code operable to: 

receive an incoming data packet from the public network; 
compare a source address of the data packet against known internal 
addresses of the private network; 

determine if the source address matches a known internal address; and 
if there is a match: 

drop the data packet; 
analyze a header of the data packet; 
determine information regarding a history of the packet; 
determine a real source of the data packet using the information 
regarding the history of the packet; and 

refuse to process any additional data packets received from the 
real source of the data packet. 



